linux-fsdevel.vger.kernel.org archive mirror
From: Andrei Vagin <avagin@gmail.com>
To: David Howells <dhowells@redhat.com>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: [dhowells/mount-api] general protection fault in mqueue_get_tree
Date: Mon, 10 Sep 2018 15:43:58 -0700
Message-ID: <CANaxB-yAhV9WW6gEBswPTH5R65wpRoxm_ygOn5Vj6Pzg2RSwLw@mail.gmail.com>

Hi David,

I tried to run CRIU tests on your tree and found that it is impossible
to create a new ipc namespace:

[root@fc24 ~]# unshare -i
Segmentation fault

[root@fc24 ~]# dmesg
[   17.934761] general protection fault: 0000 [#1] SMP PTI
[   17.948481] CPU: 1 PID: 608 Comm: unshare Not tainted
4.19.0-rc2-00229-g0dd59e0a0039 #11
[   17.957983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS ?-20180531_142017-buildhw-08.phx2.fedoraproject.org-1.fc28
04/01/2014
[   17.961548] RIP: 0010:mqueue_get_tree+0x2f/0xb0
[   17.962283] Code: 41 54 55 53 4c 8b a7 90 00 00 00 48 89 fb 48 c7
c7 20 e5 4d 8d e8 71 4a 55 00 49 8b 04 24 48 8b 80 c8 06 00 00 48 85
c0 74 2e <48> 8b 40 08 48 8b 68 68 48 85 ed 74 0c 48 8d bd 80 00 00 00
e8 68
[   17.965269] RSP: 0018:ffffae47c0c1bdf8 EFLAGS: 00010202
[   17.966491] RAX: 6b6b6b6b6b6b6b6b RBX: ffff8ada34f4ac68 RCX: 00000000ff96505d
[   17.967799] RDX: 0000000000000001 RSI: 0000000004bef0d5 RDI: ffffffff8d4de520
[   17.969124] RBP: ffff8ada2be34108 R08: 0000000000000001 R09: 0000000000000000
[   17.970363] R10: ffffffff8d4de538 R11: ffffffff8e252540 R12: ffff8ada383cd4e0
[   17.971513] R13: 0000000000000000 R14: ffff8ada2bed8040 R15: 0000000000000000
[   17.972530] FS:  00007f1b78b0e500(0000) GS:ffff8ada3bb00000(0000)
knlGS:0000000000000000
[   17.973662] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   17.974514] CR2: 00007f1b78629d00 CR3: 000000012bece006 CR4: 00000000003606e0
[   17.975649] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   17.976748] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   17.977801] Call Trace:
[   17.978175]  vfs_get_tree+0x6e/0x170
[   17.978720]  mq_create_mount+0x62/0xb0
[   17.979292]  mq_init_ns+0x37/0x50
[   17.979798]  copy_ipcs+0xc9/0x160
[   17.980342]  create_new_namespaces+0xce/0x1b0
[   17.981016]  unshare_nsproxy_namespaces+0x55/0xb0
[   17.981786]  ksys_unshare+0x187/0x350
[   17.982373]  __x64_sys_unshare+0xe/0x20
[   17.982955]  do_syscall_64+0x60/0x210
[   17.983526]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   17.984283] RIP: 0033:0x7f1b78642c57
[   17.985062] Code: 73 01 c3 48 8b 0d 49 a2 2b 00 f7 d8 64 89 01 48
83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 10 01 00
00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 19 a2 2b 00 f7 d8 64 89
01 48
[   17.988297] RSP: 002b:00007ffe7f1128f8 EFLAGS: 00000246 ORIG_RAX:
0000000000000110
[   17.989578] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1b78642c57
[   17.990708] RDX: 00007f1b788fffe0 RSI: 0000000000000001 RDI: 0000000008000000
[   17.991603] RBP: 0000000008000000 R08: 0000000000000000 R09: 0000000000000000
[   17.992642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7f112a78
[   17.993657] R13: 0000000000000002 R14: 0000564e394c1a20 R15: 00000000ffffffff
[   17.994637] Modules linked in:
[   17.995089] ---[ end trace 15aed20d3dd9b964 ]---
[   17.995737] RIP: 0010:mqueue_get_tree+0x2f/0xb0
[   17.996393] Code: 41 54 55 53 4c 8b a7 90 00 00 00 48 89 fb 48 c7
c7 20 e5 4d 8d e8 71 4a 55 00 49 8b 04 24 48 8b 80 c8 06 00 00 48 85
c0 74 2e <48> 8b 40 08 48 8b 68 68 48 85 ed 74 0c 48 8d bd 80 00 00 00
e8 68
[   17.998975] RSP: 0018:ffffae47c0c1bdf8 EFLAGS: 00010202
[   17.999728] RAX: 6b6b6b6b6b6b6b6b RBX: ffff8ada34f4ac68 RCX: 00000000ff96505d
[   18.000748] RDX: 0000000000000001 RSI: 0000000004bef0d5 RDI: ffffffff8d4de520
[   18.001829] RBP: ffff8ada2be34108 R08: 0000000000000001 R09: 0000000000000000
[   18.002823] R10: ffffffff8d4de538 R11: ffffffff8e252540 R12: ffff8ada383cd4e0
[   18.003835] R13: 0000000000000000 R14: ffff8ada2bed8040 R15: 0000000000000000
[   18.004857] FS:  00007f1b78b0e500(0000) GS:ffff8ada3bb00000(0000)
knlGS:0000000000000000
[   18.005976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   18.006801] CR2: 00007f1b78629d00 CR3: 000000012bece006 CR4: 00000000003606e0
[   18.007802] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   18.008803] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   18.009806] BUG: sleeping function called from invalid context at
include/linux/percpu-rwsem.h:34
[   18.011025] in_atomic(): 1, irqs_disabled(): 0, pid: 608, name: unshare
[   18.011979] INFO: lockdep is turned off.
[   18.012568] CPU: 1 PID: 608 Comm: unshare Tainted: G      D
  4.19.0-rc2-00229-g0dd59e0a0039 #11
[   18.013886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS ?-20180531_142017-buildhw-08.phx2.fedoraproject.org-1.fc28
04/01/2014
[   18.015605] Call Trace:
[   18.015965]  dump_stack+0x85/0xc0
[   18.016431]  ___might_sleep.cold.73+0xac/0xbc
[   18.017030]  exit_signals+0x30/0x250
[   18.017521]  do_exit+0xb0/0xb70
[   18.017967]  ? ksys_unshare+0x187/0x350
[   18.018509]  rewind_stack_do_exit+0x17/0x20
[   18.019104] note: unshare[608] exited with preempt_count 1

$ git describe dhowells-fs/mount-api
v4.19-rc2-226-g2615362dc9ce

This issue disappears with this patch:
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 21607791d62c..17de21d62b4d 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -50,6 +50,7 @@ static struct ipc_namespace *create_ipc_ns(struct
user_namespace *user_ns,
        if (err)
                goto fail_free;
        ns->ns.ops = &ipcns_operations;
+       ns->mq_mnt = NULL;

        refcount_set(&ns->count, 1);
        ns->user_ns = get_user_ns(user_ns);
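Review bot: the `ns->mq_mnt = NULL;` line cures the symptom but leaves the ordering requirement implicit. The oops above shows the faulting sequence in mqueue_get_tree as a load of a pointer field, a test for zero, then a dereference, with RAX holding 6b6b6b6b6b6b6b6b, the slab poison fill of memory that was never written; together with the trace (mq_init_ns -> mq_create_mount -> vfs_get_tree -> mqueue_get_tree) this says mqueue_get_tree reads mq_mnt before mq_init_ns has assigned it, and a garbage non-NULL value passed the check. If this goes beyond a diagnostic patch, add a one-line comment above the assignment stating that mq_mnt must be cleared before mq_init_ns() runs, or zero the whole namespace at allocation so that no other field can be read pre-initialisation the same way; the patch as posted also has no commit message or Signed-off-by.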


Thread overview: 4+ messages
2018-09-10 22:43 Andrei Vagin [this message]
2018-09-11 20:20 ` [dhowells/mount-api] general protection fault in mqueue_get_tree David Howells
2018-09-11 20:27   ` Andrei Vagin
2018-09-11 21:00   ` David Howells
